Module B11 — Governance and Compliance

Governance and Compliance

B2–B8 built the technical controls. They are necessary but not sufficient. CISOs, governance councils, and boards release budget and approval against frameworks — NIST AI RMF, ISO 42001, the EU AI Act — not against a working guardrail. This module is where a control you built becomes the control an auditor signs off on, the AI BOM procurement accepts, and the audit trail a regulator reads. The governance-to-engineering bridge: policy → control → test → audit.

75
minutes
8
artifacts
3
sub-sections
Technical security wins the engineering review; governance and compliance win the enterprise review. An agent with a 4% injection success rate and no AI BOM, no audit trail, and no policy-as-code layer will not clear enterprise governance — and an agent with weaker controls but a complete governance stack will ship first. Where enterprise budgets and board attention actually move. NIST AI RMF (Govern/Map/Measure/Manage) is the central framework; the AI BOM is the central artifact; policy-as-code is the bridge that turns a policy into an enforced, evidenced control.
Key Claims
Load-Bearing Claims

Technical security (B2–B8) is necessary but not sufficient for enterprise adoption. A CISO does not approve production deployment because a guardrail works; a board does not allocate budget because a red-team found the right gaps. They approve and allocate against frameworks — NIST AI RMF, ISO 42001, the EU AI Act's conformity obligations — because those are the instruments their auditors, regulators, and insurers read. The budget and the board attention follow the governance layer. An agent that passes engineering but fails governance does not ship.

NIST AI RMF (AI 100-1) is voluntary in law and mandatory in practice. Its four core functions — Govern (policy, accountability), Map (context, risk surface), Measure (test, evaluate), Manage (mitigate, respond) — operate as a continuous loop. The B2–B8 controls map directly onto them: Govern → policy-as-code (B11.3) + scope file (B0); Map → threat model (B1) + AI BOM (B11.2); Measure → injection rates (B2) + OWASP (B9) + Microsoft taxonomy (B10); Manage → tool governance (B3) + sandbox (B6) + observability (B8). A governance review is not a re-test of controls — it is a request for evidence the mapping is documented.

The AI BOM and the audit trail are the two artifacts every framework asks for first. The AI BOM is the SBOM extended to AI — an inventory of the model (checkpoint, license), training data (provenance, PII), tools/MCP servers, dependencies, config, and external services. An agent without an AI BOM cannot be audited: a vulnerability cannot be traced, a model-version dispute cannot be resolved, a compliance assertion cannot be evidenced. The audit trail is the complete, append-only, tamper-evident record proving controls are enforced, not just documented. EU AI Act Art 12 and HIPAA § 164.312(b) both require completeness — a sampled observability log is useless for compliance.

Policy-as-code is the governance-to-engineering bridge: policy → control → test → audit. A policy in a wiki has no runtime effect; policy-as-code compiles it to a deterministic rule enforced in the harness execution path, where the agent cannot reach it (DD-09 NemoClaw), with zero LLM at runtime (DD-20 IronCurtain), emitting an audit entry for every evaluation. The engine uses default-deny (a missing policy is safety, not openness), policy-aware redaction (B0 retention discipline), and the AI BOM as a policy input. This is the loop, not the pipeline — a static policy document is the loop frozen at stage 1.

After This Module
01
Explain the governance gap — why technical security (B2–B8) is necessary but not sufficient for enterprise adoption, and why a governance and compliance layer is the budget and board layer an agent must pass before production.
02
Map the technical controls from B2–B8 to the four core functions of the NIST AI RMF (AI 100-1) — Govern, Map, Measure, Manage — and explain why the RMF is voluntary yet becoming the de facto US governance standard.
03
Build and read an AI BOM (AI Bill of Materials) — the SBOM concept extended to the model, training data sources, tools/MCP servers, and dependencies — and argue why an agent without an AI BOM cannot be audited.
04
Specify the audit trail fields that make an agent's decisions, tool calls, approvals, and model versions reconstructable after the fact, and connect them to B8's observability layer.
05
Translate a governance policy into an enforceable harness control using the policy-as-code pattern (policy → control → test → audit), tying it to DD-20 IronCurtain's deterministic enforcement and DD-09 NemoClaw's governance-beneath-the-agent pattern.
06
Navigate the compliance frameworks landscape — NIST AI RMF (US, voluntary), EU AI Act compliance engineering, ISO 42001, sector frameworks (HIPAA, FedRAMP) — and reference the CSA NIST AI Agent Standards compliance mapping.
Artifacts
01
Teaching Document
~7,800 words; 3 sub-sections — the governance frameworks (NIST AI RMF four functions + AI 600-1 GenAI profile + Agentic Profile + ISO 42001 + EU AI Act six risk tiers + governance documentation package + landscape), the AI BOM and the audit trail, policy-as-code (the governance-to-engineering bridge); with anti-patterns, key terms, 16 references, and a runnable policy-as-code engine
READ
02
Diagrams
5 Mermaid diagrams — the NIST AI RMF four functions (loop), the AI BOM structure (6 component classes), the audit-trail architecture (policy engine in the execution path), the policy-as-code flow (policy → control → test → audit loop), and the governance-to-engineering bridge (end-to-end synthesis)
READ
03
Slide Deck
14 slides — reveal.js, dark theme, design-system teal; covers the governance gap, RMF four functions, the landscape, AI BOM, audit trail, policy-as-code loop, IronCurtain + NemoClaw references, the policy-as-code engine
READ
04
Teaching Script
Verbatim transcript, ~35 min spoken at ~140 wpm, with [SLIDE N] cues matching the 14-slide deck
READ
05
Flashcards
22 flashcards (TSV) — mix of recall (RMF functions, AI BOM components, audit trail event classes, IronCurtain/NemoClaw contributions) and analysis (governance gap scenarios, policy-as-code design, tamper-evidence, RMF mapping construction)
TEST
06
Exam
15 exam questions, 20/40/40 Bloom (3 recall, 6 application, 6 analysis); multiple choice with rationale; passing 70%
TEST
07
Lab Spec
Build the Governance Layer — three builds in one lab: an AI BOM generator, a policy-as-code engine (default-deny, redaction, BOM integration), and a tamper-evident hash-chained audit-trail writer; Python 3.10+, no GPU, ~60-75 min; produces the three artifacts a governance review asks for first
DO
08
Module Web Page
Single-file HTML hub
HERE